Mind the Digital Security Gap

December 2, 2016, Jay Huff

In our daily interactions with organizations of all kinds, we see a common business focus on and investment in digital channels for engaging with prospects and customers. When it comes to securing those channels, the picture across these organizations is not so uniform. I recently attended a security conference where the analyst keynote was about organizations transforming themselves into digital businesses and the pressure this was putting on security teams as they struggle to keep up with the new types of risks being introduced. You could see that the topic resonated with the audience.

At RiskIQ we recently commissioned a survey of C-Level and senior executives from 250 large UK organizations to try to quantify this disconnect. The results were interesting.

The first takeaway is that the growing risk to organizations’ web properties, mobile applications, and social media accounts is widely recognized. 90 percent of respondents agreed that their organization is more at risk from cyber security attacks and digital brand impersonation compared to five years ago and 82 percent cited that the security of their digital channels was now a boardroom concern. 85 percent said that cyber concerns are affecting the rollout of new digital initiatives, affecting business progress.

Fig-1 Download the rest of the infographic below

When we look at who in the organization is responsible, we see a less uniform response. 34 percent placed responsibility with the CEO, 39 percent with the ClO and only 10 percent with the CISO. Our experience is that this ambiguity is typical.

Although 88 percent rated their knowledge of cyber security and digital brand protection as good to excellent, over half, don’t have a digital brand protection program and over a third don’t have a particular cybersecurity program in place. One-quarter either don’t know or don’t monitor their digital channels.

The gap between acknowledgment and response highlights how rapid the rise of digital channels has been and how, in some organizations, changes to organizational structures and responsibilities are not keeping pace with the evolving threats.